IT Management & Governance Diagnostic Program
Prepared for Sample IT Company
This report was prepared by Info-Tech Research Group for Sample IT Company on 2016-05-20. Data is comprised of 6 responses.
TEST DOCUMENT
1. Survey IT leaders to assess IT department strengths and weaknesses• Your IT leadership team will complete a short survey which will identify current state of IT Management &
Governance processes focusing on:
◦ Effectiveness◦ Importance◦ Ownership
2. Review report and establish clear ownership for critical IT functions• With Info-Tech, review your results report to understand your team’s perception of each process’ importance and
effectiveness• Identify where the gaps exist between your team's process scores to see where there is a difference in opinion• Discuss which processes, if improved, would have the greatest impact on your department and organization• Build a plan to ensure clear accountability and to engage a broader team with process accountability• Ensure key IT Leaders are not overwhelmed with accountability
3. Book & Conduct A Team Alignment Exercise• Gather your team and discuss the discrepancies for the processes with the greatest gaps in scores.• Bring the entire team onto the same page re: which processes are most important and least effective.• Establish process owners for the IT processes. Each relevant process must have at least one person accountable for
monitoring and improvement initiatives.• Info-Tech offers a workshop to help you to complete step 3 & 4 in 5-days at your site.
4. Create A Roadmap Of Key Processes To Improve• Once your team has reached a consensus on which processes to focus on, create a process improvement roadmap
outlining which processes your team will focus on over the next 12 months.• Determine responsibilities and timelines, as well as regular checkpoints with your team to monitor progress.
IT Management & Governance Diagnostic Program Sample IT Company # of Responses 6
TEST DOCUMENT2
STRATEGY &GOVERNANCE
EDM01
IT Governance
APO02
IT Strategy
MEA01
PerformanceMeasurement
EDM02
Business Value
APO06
Cost & BudgetManagement
APO10
VendorManagement
FINANCIALMANAGEMENT
APO01
IT Management &Policies
APO04
Innovation
APO08
EDM05
StakeholderRelations
BAI08
KnowledgeManagement
EDM04
CostOptimization
PEOPLE &RESOURCES
APO07
Human ResourcesManagement
ITRG01
IT OrganizationalDesign
ITRG02
Leadership, Culture& Values
ITRG03
Manage ServiceCatalog
SERVICE PLANNING &ARCHITECTURE
APO03
EnterpriseArchitecture
APO09
ServiceManagement
APO11
QualityManagement
INFRASTRUCTURE& OPERATIONS
BAI04
Availability &CapacityManagement
BAI09
AssetManagement
DSS01
OperationsManagement
BAI06
ChangeManagement
BAI10
Con1gurationManagement
DSS02
Service Desk
SECURITY& RISK
DSS05
SecurityManagement
APO12
EDM03
Risk Management
BAI07
ReleaseManagement
DSS03
Incident & ProblemManagement
APO13
Security Strategy
DSS06
MEA02
Business ProcessControls & Internal Audit
MEA03
ExternalCompliance
DSS04
BusinessContinuity
DSS04
Disaster RecoveryPlanning
APPLICATIONS
ITRG04
Application PortfolioManagement
BAI03
Enterprise ApplicationSelection &Implementation
BAI03
ApplicationDevelopmentThroughput
BAI07
ApplicationDevelopment Quality
ITRG05
ApplicationMaintenance
BAI05
OrganizationalChange Management
PPM & PROJECTS
DATA & BI
ITRG06
Business Intelligence& Reporting
ITRG07
Data Architecture
ITRG08
Data Quality
APO05
PortfolioManagement
BAI01
ProjectManagement
BAI02
RequirementsGathering
This diagnostic program was developed using the Info-Tech World Class Operations framework which is made up of IT processes
that map to the COBIT standard based on the numbers in the top right corner. This page is a snapshot of the IT process
landscape within your IT department. The processes have been colour coded based on your team’s importance and effectiveness
scores for each IT process. Use this page to help you prioritize your IT process improvement initiatives.
ImproveProcess
Immediately
HighImportanceand LowEffectiveness
EvaluateProcess
LowImportanceand LowEffectiveness
MaintainProcess
LowImportanceand HighEffectiveness
LeverageProcess
HighImportanceand HighEffectiveness
IT Management & Governance FrameworkA comprehensive and connected set of research tohelp you optimize and improve your core IT processes
High Level Process Landscape (Importance: Effectiveness) Sample IT Company # of Responses 6
TEST DOCUMENT3
NoImportance
1.0 - 6.0
LimitedImportance
6.1 - 7.4
SigniKcantImportance
7.5 - 8.0
CriticalImportance
8.1 - 10
These are all of your IT processes ranked based on their perceivedimportance, from the most important to the least important. Use this data tounderstand which processes your team believes are crucial to them and tothe organization.
CriticalImportance IT Strategy 9.8 Service Desk 9.3 Security
Management 9.3 Incident &Problem
Management9.3 Business
Continuity 9.2
Data Quality 9.2 ProjectManagement 9.2 Cost
Optimization 9.2 KnowledgeManagement 9.2 Disaster
RecoveryPlanning
9.2
IT Governance 9 Cost & BudgetManagement 9 IT
OrganizationalDesign
9 QualityManagement 9 Business
Intelligence &Reporting
8.8
ServiceManagement 8.8 Data
Architecture 8.8 RiskManagement 8.8 Availability &
CapacityManagement
8.7 PerformanceMeasurement 8.7
Innovation 8.7 PortfolioManagement 8.7 External
Compliance 8.5 SecurityStrategy 8.5 IT
Management &Policies
8.5
StakeholderRelations 8.5 Change
Management 8.5 Leadership,Culture &
Values8.3 Enterprise
Architecture 8.3 OperationsManagement 8.3
EnterpriseApplicationSelection &
Implementation8.3 Organizational
ChangeManagement
8.3 ReleaseManagement 8.2
SigniFcantImportance Business
Value 8 HumanResources
Management8 Asset
Management 8 Con1gurationManagement 8 Business
ProcessControls &
Internal Audit7.8
ApplicationPortfolio
Management7.8 Requirements
Gathering 7.8 ApplicationMaintenance 7.8 Application
DevelopmentThroughput
7.7
LimitedImportance Manage
ServiceCatalog
7.3 VendorManagement 7.2
No Importance ApplicationDevelopment
Quality5.3
Red 2.5 - 9 SigniFcant Gap in Alignment
2.7 Application Development Quality Yellow 1.1 - 2.4 Gap in Alignment
2.3 Application Portfolio Management 2.1 External Compliance 2.1 Enterprise Architecture 2.0 Business Process Controls & Internal Audit 1.6 Business Value 1.6 Application Development Throughput 1.6 Vendor Management
1.5Enterprise Application Selection &
Implementation 1.5 Release Management Green 0 - 1 Minimal Gap in Alignment
Top 10 Areas ofDisagreement
Process Importance Sample IT Company # of Responses 6
TEST DOCUMENT4
Not inPlace
N/A
NotEffective
0.0 - 4.9
SomewhatIneffective
5.0 - 6.9
SomewhatEffective
7.0 - 7.9
VeryEffective
8.0 - 10.0
This page shows all your IT processes in order of their perceivedeffectiveness, from least effective to most effective. Use this data tounderstand which processes your team believes are currently performingwell and which processes are currently struggling or broken.
Not InPlace
Not Effective ApplicationDevelopment
Quality4.3
SomewhatIneffective Application
PortfolioManagement
5 ManageServiceCatalog
5.2 ReleaseManagement 5.3 Change
Management 5.7 BusinessProcess
Controls &Internal Audit
5.7
OrganizationalChange
Management5.8 Application
DevelopmentThroughput
6 HumanResources
Management6 Service Desk 6.2 Asset
Management 6.2
ExternalCompliance 6.2 Business Value 6.2 Vendor
Management 6.3 RequirementsGathering 6.3 Business
Intelligence &Reporting
6.3
ApplicationMaintenance 6.3 Operations
Management 6.5 CostOptimization 6.5 Con1guration
Management 6.7 SecurityStrategy 6.7
EnterpriseApplicationSelection &
Implementation6.7 IT
OrganizationalDesign
6.8 QualityManagement 6.8 Risk
Management 6.8 Data Quality 6.8
Availability &Capacity
Management6.8 Disaster
RecoveryPlanning
6.8
SomewhatEffective IT Governance 7 Service
Management 7 IT Management& Policies 7 Enterprise
Architecture 7 SecurityManagement 7
StakeholderRelations 7 Leadership,
Culture &Values
7 BusinessContinuity 7 Cost & Budget
Management 7.2 DataArchitecture 7.2
PortfolioManagement 7.2 Innovation 7.3 Project
Management 7.3 KnowledgeManagement 7.5 Performance
Measurement 7.7
IT Strategy 7.7 Incident &Problem
Management7.8
Very Effective
Red 2.5 - 9 SigniFcant Gap in Alignment
2.9 Data Quality 2.6 Application Portfolio Management 2.5 Service Desk Yellow 1.1 - 2.4 Gap in Alignment
2.5 Application Development Quality 2.3 Manage Service Catalog 2.3 IT Organizational Design 2.2 Operations Management 2.1 Cost Optimization 2.1 Change Management 2.1 External Compliance Green 0 - 1 Minimal Gap in Alignment
Top 10 Areas ofDisagreement
Process Effectiveness Sample IT Company # of Responses 6
TEST DOCUMENT5
Use this grid to prioritize your team’s process improvement initiatives. The top processes in each quadrant have been listed in this grid. Please use the following page as reference for any quadrants withadditional processes. Focus your time and energy on the processes in the top left quadrant Frst, which received high importance scores but low effectiveness scores.
Improve Process Immediately Leverage Process
Evaluate Process Maintain Process
Service Desk
Disaster Recovery Planning
Data Quality
Cost Optimization
IT Strategy
Incident & ProblemManagement
Security Management
Knowledge Management
Application PortfolioManagement Business Value
ConFguration Management
Human ResourcesManagement
Asset Management
Manage Service Catalog
Vendor Management
Application DevelopmentQuality
Strategy &Governance
FinancialManagement
People &Resources
Service Planning &Architecture
Infrastructure &Operations
Security & Risk Applications
Data & BI PPM & Projects
Additional processesreported in this quadrant
Process Prioritization Sample IT Company # of Responses 6
TEST DOCUMENT6
This page outlines the current process accountabilities for each IT process. These individuals have indicated that they are accountable for all of the processesthat sit next to their names. Pay particular attention to processes who have more than one individual accountable, as well as processes that have nobody heldaccountable for them. Determine whether the current accountability distribution makes sense, and which processes need more or less attention.
Name If a person has been identiKed as accountable for three processes or more, a warning sign will show up. Being accountable for too many processes can result in insufKcient attention being paid to each individual process.
Missing Accountability
Hank Moore
Innovation IT Governance IT Management& Policies IT Strategy Performance
Measurement StakeholderRelations Business
Intelligence &Reporting
DataArchitecture Data Quality Enterprise
Architecture EnterpriseApplicationSelection &
Implementation Organizational
ChangeManagement Project
Management RequirementsGathering
ApplicationMaintenance Availability &
CapacityManagement Change
Management ConBgurationManagement Operations
Management ReleaseManagement Service
Management BusinessContinuity Disaster
RecoveryPlanning External
Compliance RiskManagement Asset
Management Cost & BudgetManagement Portfolio
Management Vendor
Management HumanResources
Management Leadership,Culture &
Values ITOrganizational
Design Business Value CostOptimization Knowledge
Management Quality
Management Manage ServiceCatalog Service Desk Incident &
ProblemManagement Security
Strategy SecurityManagement Business Process
Controls & InternalAudit
ApplicationPortfolio
Management ApplicationDevelopmentThroughput Application
DevelopmentQuality
David Martin
PerformanceMeasurement Stakeholder
Relations BusinessIntelligence &
Reporting DataArchitecture Data Quality Application
Maintenance ChangeManagement
OperationsManagement Release
Management ServiceManagement Business
Continuity ExternalCompliance Risk
Management AssetManagement
Leadership,Culture &
Values ITOrganizational
Design QualityManagement Manage Service
Catalog Service Desk Incident &Problem
Management SecurityStrategy
SecurityManagement Business Process
Controls & InternalAudit
Process Accountability Sample IT Company # of Responses 6
TEST DOCUMENT8
Accountable Only : I am the owner of this process and I am accountable for the results & outcomes. I have assigned someone else primary responsibility for execution and day to day activities. Accountable & Responsible : I am the owner ofthis process and I am accountable for the results & outcomes. I am primarily responsibility for execution and day to day activities of this process. Responsible : I am responsible for the execution and oversight of the activities involved with thisprocess. I manage the process maturity and I’m responsible to report on results from this process. Consulted & Involved : I am actively involved with this process and consulted on decisions. Involved & Informed : I am actively involved with thisprocess and told about decisions surrounding this process. Not involved : I am not actively involved in this process or the decisions surrounding this process.
AccountableOnly
Accountable &Responsible
ResponsibleOnly
Involved:Consulted
Involved:Informed
Not InvolvedAccountability ConLict
Accountability ConLict &Responsibility ConLict Responsibility ConLict
Peter Green
Availability &Capacity
Management BusinessContinuity Business Process
Controls & InternalAudit Change
Management ConBgurationManagement Disaster
RecoveryPlanning Enterprise
Architecture IT Governance IT
OrganizationalDesign IT Strategy Incident &
ProblemManagement Innovation Manage Service
Catalog QualityManagement
ReleaseManagement Risk
Management SecurityManagement Security
Strategy ServiceManagement Vendor
Management ApplicationDevelopmentThroughput
ApplicationMaintenance Asset
Management ExternalCompliance IT Management
& Policies KnowledgeManagement Leadership,
Culture &Values Organizational
ChangeManagement
RequirementsGathering Stakeholder
Relations ApplicationPortfolio
Management Business Value Cost & BudgetManagement Cost
Optimization EnterpriseApplicationSelection &
Implementation
HumanResources
Management OperationsManagement Portfolio
Management ProjectManagement Service Desk Performance
Measurement ApplicationDevelopment
Quality Business
Intelligence &Reporting Data
Architecture Data Quality
Team Process Involvement Sample IT Company # of Responses 6
TEST DOCUMENT10
Accountable Only : I am the owner of this process and I am accountable for the results & outcomes. I have assigned someone else primary responsibility for execution and day to day activities. Accountable & Responsible : I am the owner ofthis process and I am accountable for the results & outcomes. I am primarily responsibility for execution and day to day activities of this process. Responsible : I am responsible for the execution and oversight of the activities involved with thisprocess. I manage the process maturity and I’m responsible to report on results from this process. Consulted & Involved : I am actively involved with this process and consulted on decisions. Involved & Informed : I am actively involved with thisprocess and told about decisions surrounding this process. Not involved : I am not actively involved in this process or the decisions surrounding this process.
AccountableOnly
Accountable &Responsible
ResponsibleOnly
Involved:Consulted
Involved:Informed
Not InvolvedAccountability ConLict
Accountability ConLict &Responsibility ConLict Responsibility ConLict
Karen McCoy
ApplicationMaintenance Project
Management ReleaseManagement Asset
Management ConBgurationManagement Enterprise
ApplicationSelection &
Implementation IT Strategy
Incident &Problem
Management KnowledgeManagement Manage Service
Catalog Service Desk StakeholderRelations Application
PortfolioManagement Change
Management Enterprise
Architecture Innovation Availability &Capacity
Management BusinessContinuity Business Value Cost
Optimization DisasterRecoveryPlanning
IT Governance IT Management& Policies Leadership,
Culture &Values Operations
Management PortfolioManagement Quality
Management RiskManagement
SecurityStrategy Service
Management ApplicationDevelopment
Quality ApplicationDevelopmentThroughput Business
Intelligence &Reporting Business Process
Controls & InternalAudit Cost & Budget
Management Data
Architecture Data Quality ExternalCompliance Human
ResourcesManagement IT
OrganizationalDesign Organizational
ChangeManagement Performance
Measurement Requirements
Gathering SecurityManagement Vendor
Management
Team Process Involvement Sample IT Company # of Responses 6
TEST DOCUMENT11
Who isaccountable?
Have questions or need expert insight into a speciKc IT process? Below each process in the above framework you can contact the name of the individual who isaccountable for the process within your organization.
STRATEGY &GOVERNANCE
EDM01IT Governance
Peter Green
APO02IT Strategy
Peter Green
MEA01PerformanceMeasurement
David Martin
EDM02Business Value
Hank Moore
APO06Cost & BudgetManagement
Hank Moore
APO10Vendor Management
Peter Green
FINANCIALMANAGEMENT
APO01IT Management &
Policies
Hank Moore
APO04Innovation
Peter Green
APO08EDM05Stakeholder
Relations
Karen McCoy
BAI08Knowledge
Management
Karen McCoy
EDM04Cost Optimization
Hank Moore
PEOPLE &RESOURCES
APO07Human Resources
Management
Hank Moore
ITRG01IT Organizational
Design
Peter Green
ITRG02Leadership, Culture &
Values
David Martin
ITRG03Manage Service
Catalog
Peter Green
SERVICE PLANNING &ARCHITECTURE
APO03Enterprise
Architecture
Peter Green
APO09Service Management
Peter Green
APO11Quality Management
Peter Green
INFRASTRUCTURE& OPERATIONS
BAI04Availability & Capacity
Management
Peter Green
BAI09Asset Management
Karen McCoy
DSS01Operations
Management
David Martin
BAI06Change Management
Peter Green
BAI10Con1gurationManagement
Peter Green
DSS02Service Desk
Karen McCoy
SECURITY& RISK
DSS05Security Management
Peter Green
APO12EDM03Risk Management
Peter Green
BAI07Release Management
Peter Green
DSS03Incident & Problem
Management
Peter Green
APO13Security Strategy
Peter Green
DSS06MEA02Business Process Controls
& Internal Audit
Peter Green
MEA03External Compliance
David Martin
DSS04Business Continuity
Peter Green
DSS04Disaster Recovery
Planning
Peter Green
APPLICATIONSITRG04
Application PortfolioManagement
Hank Moore
BAI03Enterprise Application
Selection &ImplementationKaren McCoy
BAI03Application Development
Throughput
Hank Moore
BAI07Application Development
Quality
Hank Moore
ITRG05Application
Maintenance
Karen McCoy
BAI05Organizational Change
Management
Hank Moore
PPM & PROJECTS
DATA & BIITRG06
Business Intelligence &Reporting
David Martin
ITRG07Data Architecture
David Martin
ITRG08Data Quality
David Martin
APO05Portfolio
Management
Hank Moore
BAI01Project Management
Karen McCoy
BAI02Requirements
Gathering
Hank Moore
IT Management & Governance FrameworkA comprehensive and connected set of research tohelp you optimize and improve your core IT processes
TEST DOCUMENT17
The IT leader must focus on improving the processes in the top left quadrant Frst in order to see the biggest impact.
Improve Process Immediately Leverage Process
Evaluate Process Maintain Process
Disaster Recovery Planning
Risk Management
External Compliance
Security Strategy
Security Management
Business Continuity
Business Process Controls &Internal Audit
Strategy &Governance
FinancialManagement
People &Resources
Service Planning &Architecture
Infrastructure &Operations
Security & Risk Applications
Data & BI PPM & Projects
Additional processesreported in this quadrant
Security & Risk: Process Prioritization Sample IT Company # of Responses 6
TEST DOCUMENT36
DSS05
Security
Management
Protect enterprise information as required by the business.Establish and maintain information security roles and accessprivileges, and perform security monitoring to minimize thebusiness impact of operational information securityvulnerabilities and incidents.
4th Most Important Process (out of 45)
11th Most Effective Process (out of 45)
Average Importance score 9.3
Average Effectiveness score 7.0
NameEffectiveness
scoresImportance
scoresGap
Hank Moore 9.0 9.0 0.0
David Martin 9.0 10.0 -1.0
Kimberly Wilson 8.0 9.0 -1.0
Tracy Hall 7.0 10.0 -3.0
Karen McCoy 5.0 9.0 -4.0
Peter Green 4.0 9.0 -5.0
DSS04
Disaster RecoveryPlanning
Establish and maintain a plan to enable IT to respond toincidents and disruptions in order to continue operationof required IT services and assets.
6th Most Important Process (out of 45)
23rd Most Effective Process (out of 45)
Average Importance score 9.2
Average Effectiveness score 6.8
NameEffectiveness
scoresImportance
scoresGap
Hank Moore 8.0 8.0 0.0
Kimberly Wilson 8.0 10.0 -2.0
David Martin 8.0 9.0 -1.0
Tracy Hall 7.0 10.0 -3.0
Karen McCoy 6.0 9.0 -3.0
Peter Green 4.0 9.0 -5.0
DSS04
Business
Continuity
Establish and maintain a plan to enable the business torespond to incidents and disruptions in order to continueoperation of business and IT processes.
10th Most Important Process (out of 45)
12th Most Effective Process (out of 45)
Average Importance score 9.2
Average Effectiveness score 7.0
NameEffectiveness
scoresImportance
scoresGap
Hank Moore 9.0 9.0 0.0
Kimberly Wilson 9.0 10.0 -1.0
David Martin 8.0 8.0 0.0
Tracy Hall 7.0 10.0 -3.0
Karen McCoy 5.0 9.0 -4.0
Peter Green 4.0 9.0 -5.0
Security & Risk: Detailed Responses Sample IT Company # of Responses 6
* GAP = (Effectiveness score - Importance score), indicates the degree to which effectiveness is sufKcient given the importance of each process. Negative scores indicate processes that aren't as effective as they are important.** Respondents are highlighted if they are CIO, or Accountable or Responsible for the process.
37
APO12
EDM03
Risk Management
Continually identify, assess and reduce IT-related riskwithin levels of tolerance set by the business.
16th Most Important Process (out of 45)
20th Most Effective Process (out of 45)
Average Importance score 8.8
Average Effectiveness score 6.8
NameEffectiveness
scoresImportance
scoresGap
Hank Moore 9.0 9.0 0.0
David Martin 8.0 9.0 -1.0
Tracy Hall 8.0 9.0 -1.0
Kimberly Wilson 7.0 8.0 -1.0
Karen McCoy 6.0 9.0 -3.0
Peter Green 3.0 9.0 -6.0
MEA03
External
Compliance
Ensure that IT processes and IT-supported businessprocesses are compliant with laws, regulations andcontractual requirements.
26th Most Important Process (out of 45)
35th Most Effective Process (out of 45)
Average Importance score 8.5
Average Effectiveness score 6.2
NameEffectiveness
scoresImportance
scoresGap
Kimberly Wilson 9.0 10.0 -1.0
David Martin 9.0 10.0 -1.0
Tracy Hall 6.0 9.0 -3.0
Karen McCoy 5.0 9.0 -4.0
Hank Moore 4.0 4.0 0.0
Peter Green 4.0 9.0 -5.0
APO13
Security Strategy
DeFne, operate and monitor a system for informationsecurity management. Keep the impact and occurrenceof information security incidents within the business’ riskappetite levels.
27th Most Important Process (out of 45)
26th Most Effective Process (out of 45)
Average Importance score 8.5
Average Effectiveness score 6.7
NameEffectiveness
scoresImportance
scoresGap
Hank Moore 9.0 9.0 0.0
David Martin 9.0 9.0 0.0
Karen McCoy 6.0 9.0 -3.0
Kimberly Wilson 6.0 6.0 0.0
Tracy Hall 6.0 9.0 -3.0
Peter Green 4.0 9.0 -5.0
Security & Risk: Detailed Responses Sample IT Company # of Responses 6
* GAP = (Effectiveness score - Importance score), indicates the degree to which effectiveness is sufKcient given the importance of each process. Negative scores indicate processes that aren't as effective as they are important.** Respondents are highlighted if they are CIO, or Accountable or Responsible for the process.
38
Fill in process name
Sub-process 1
Sub-process 2
Sub-process 3
Sub-process 4
Fill in process owner's Name
Considerations and Diagnostic Questions Considerations and Diagnostic Questions
Steps Goals Metrics for success Timeline
Steps Goals Metrics for success Timeline
Steps Goals Metrics for success Timeline
Post-Alignment Worksheet Sample IT Company # of Responses 6
TEST DOCUMENT51
Strategy & GovernanceIT Governance: Provide a consistent approach so that
IT-related decisions are made in line with the business
strategies and objectives. Ensure that IT-related processes
are overseen effectively and transparently, and that legal and
regulatory compliance requirements are met.
IT Strategy: Align strategic IT plans with business
objectives. Clearly communicate the objectives and
associated accountabilities so they are understood by all,
with the IT strategic options identiBed, structured and
integrated with the business plans.
IT Management & Policies: Provide a consistent
approach to enable IT to meet the business governance
requirements, covering management processes,
organisational structures, roles and responsibilities, reliable
and repeatable activities, and skills and competencies.
Performance Measurement: Manage IT and process
goals and metrics. Monitor and communicate that
processes are performing against expectations, and provide
transparency of performance and conformance.
Innovation: Stay up to date with IT trends, identify
innovation opportunities, and plan how to use technology
innovation to create a competitive advantage, enable
business innovation, or achieve improved operational
effectiveness and efBciency.
Stakeholder Relations: Manage the relationship
between the business and IT to ensure that the stakeholders
are satisBed with the services they need from IT and have
visibility into IT processes.
Financial ManagementBusiness Value: Secure optimal value from IT-enabled
initiatives, services and assets by delivering cost-efBcient
solutions and services and by providing a reliable and
accurate picture of costs and beneBts.
Cost & Budget Management: Manage the IT-related
Bnancial activities and prioritize spending through the use of
formal budgeting practices. Provide transparency and
accountability of the cost and business value of IT solutions
and services.
Cost Optimization: Ensure that adequate and sufBcient
IT-related capabilities e.g., people, process and technology,
are available to support business objectives effectively at
optimal cost.
Vendor Management: Manage IT-related services
provided by all suppliers, including the selection of suppliers,
management of relationships, management of contracts,
and reviewing and monitoring of supplier performance.
People & ResourcesHuman Resources Management: Manage
structuring, placement, decision rights and skills of human
resources. This includes communicating the deBned roles
and responsibilities, learning and growth plans, and
performance expectations.
IT Organizational Design: Set up the structure of IT’s
people, processes, and technology as well as roles and
responsibilities to ensure that they’re best meeting the
needs of the business.
Leadership, Culture & Values: Ensure that the IT
department reCects the values of your organization. Improve
the leadership skills of your team to generate top
performance.
Knowledge Management: Maintain the availability of
knowledge to support all process activities and to facilitate
decision making. Provide the knowledge required to support
all IT staff in their work activities.
Service Planning & ArchitectureEnterprise Architecture: Establish a management
practice to create and maintain a coherent set of principles,
methods, and models that are used in the design and
implementation of the enterprise’s business processes,
information systems, and infrastructure.
Service Management: Align IT-enabled services and
service levels with business needs and expectations,
including identiBcation, speciBcation, design, publishing,
agreement, and monitoring of IT services, service levels and
performance indicators.
Quality Management: DeBne and communicate quality
requirements in all processes, procedures and business
outcomes. Ensure the consistent delivery of IT solutions and
services to meet the quality requirements of the business
and satisfy stakeholder needs.
Manage Service Catalog: Produce, maintain, and
promote a service catalog containing accurate information
on all operational IT services, as well as those being
prepared to be run operationally.
Infrastructure & OperationsAvailability & Capacity Management: Balance
current and future needs for availability, performance and
capacity of IT systems and infrastructure through the
forecast of future performance and capacity requirements.
Change Management: Manage all IT system changes
in a controlled manner, including standard changes and
emergency maintenance relating to business processes,
applications and infrastructure. Enable fast and reliable
delivery of change to the business and mitigate the risk of
negatively impacting the stability of the changed
environment.
Asset Management: IT assets through their life cycle
to make sure that they deliver value at optimal cost, remain
operational, are accounted for and physically protected.
Ensure that the assets are reliable and available as needed.
ConEguration Management: Provide sufBcient
information about IT service assets to enable the service to
be effectively managed. DeBne and maintain descriptions
and relationships between key resources and capabilities
required to deliver IT-enabled services.
Release Management: Successfully implement new
IT solutions and services in line with the agreed-on
expectations and outcomes. Ensure that the implementation
of new solutions and services has the necessary support,
from planning to execution to post-implementation support
and staff training.
Operations Management: Manage the activities and
operational procedures required to deliver IT services,
including standard operating procedures and monitoring
activities.
Service Desk: Provide timely and effective response to
user requests and resolution of all types of incidents.
Restore normal service; record and fulBl user requests; and
record, investigate, diagnose, escalate and resolve incidents.
Incident & Problem Management: Identify and
classify problems and their root causes and provide timely
resolution to prevent recurring incidents. Reduce the number
of operational problems.
Process Descriptions Sample IT Company # of Responses 6
TEST DOCUMENT52
Security & RiskSecurity Strategy: DeBne, operate and monitor asystem for information security management. Keep theimpact and occurrence of information security incidentswithin the business’ risk appetite levels.
Security Management: Protect enterprise informationas required by the business. Establish and maintaininformation security roles and access privileges, andperform security monitoring to minimize the businessimpact of operational information security vulnerabilities andincidents.
Business Process Controls & Internal Audit:Manage business process controls such as self-assessments and independent assurance reviews to ensurethat information related to and used by business processesmeets security and integrity requirements.
External Compliance: Ensure that IT processes and IT-supported business processes are compliant with laws,regulations and contractual requirements.
Risk Management: Continually identify, assess andreduce IT-related risk within levels of tolerance set by thebusiness.
Business Continuity: Establish and maintain a plan toenable the business to respond to incidents and disruptionsin order to continue operation of business and IT processes.
Disaster Recovery Planning: Establish and maintaina plan to enable IT to respond to incidents and disruptions inorder to continue operation of required IT services andassets.
ApplicationsApplication Portfolio Management: Manage theorganization’s suite of applications by determining eachapplication’s ability to provide value to the business relativeto its cost. Identify which applications to retire, grow orreplace, repurpose or sustain.
Enterprise Application Selection &Implementation: Manage the selection andimplementation of enterprise applications, off-the-shelfsoftware and Software as a Service, to ensure that ITprovides the business with the most appropriateapplications at an acceptable cost.
Application Development Throughput: Establisha timely and cost-effective system for the development ofapplications capable of supporting the business’ strategicand operational goals.
Application Development Quality: Implementstandard procedures in the application developmentprocess, including testing strategies, testing preparation andtesting execution, to ensure that the quality of theapplications meet business requirements.
Application Maintenance: Manage the constantimprovement and changes to the organization’s applicationsafter they have been originally delivered and implemented.
Data & BIBusiness Intelligence & Reporting: Develop a setof capabilities, including people, processes and technology,to enable the transformation of raw data into meaningfuland useful information for the purpose of business analysis.
Data Architecture: Manage the business’ databases,including the technology, the governance processes and thepeople that manage them. Establish the principles, policies,and guidelines relevant to the effective use of data within theorganization.
Data Quality: Put policies, processes and capabilities inplace to ensure that appropriate targets for data quality areset and achieved to match the needs of the business.
PPM & ProjectsPortfolio Management: Manage the project portfolioof IT programs and services, demand within resource andfunding constraints, while ensuring that the portfolio meetsthe business’ priorities. Monitor the performance of theoverall portfolio of services and programs to ensure that theIT investments meet the business’ expectations.
Project Management: Manage all IT programs andprojects from the portfolio in alignment with the businessstrategy. Initiate, plan, control, and execute programs andprojects to ensure that the business realizes project beneBtswhile experiencing few delays and cost overruns.
Requirements Gathering: Manage the collection ofbusiness requirements as they pertain to acquiring orcreating IT solutions.
Organizational Change Management: Implementor optimize the organization’s capabilities for managing theimpact of new business processes, new IT systems, andchanges in organizational structure or culture.
Process Descriptions Sample IT Company # of Responses 6
TEST DOCUMENT53